Plant Security Consulting Services

Challenges for Customers

How to assess the vulnerability of industrial control systems?

Yokogawa offers a variety of solutions for assessing the vulnerability of a system ranging from assessment to audit, and provides solutions to minimize security issues and vulnerabilities. Yokogawa can perform security assessments, help with creating a security policy, and also conduct audits of security programs. These services help customers to identify, evaluate, and mitigate the risks present in their systems.

Our Solutions

Yokogawa's skilled security consultants

Yokogawa's security consultants can help you to ensure the security of your network from the following five aspects.

Policy
The policy largely determines what security controls must be applied to the network and systems running on the network. It must provide clear and concise objectives which will be translated into procedures.

Procedures
Procedures are detailed instructions about how a policy is to be implemented. Written procedures ensure consistency in the application of the security controls specified in the security policy. Procedures help ensure that controls are applied effectively.

Physical Security
Physical security reduces the ways that a person with malicious intent can physically reach devices such as network equipment and servers. These physical controls include locks, perimeter fences and video surveillance.

Network Security
The network is a route for data communications, and is the basic infrastructure that applications need in order to work; without it, equipment cannot be updated or patched. Security controls are required to ensure that the network remains available.

End-point Security
Host-based security focuses on protecting the “end-points” (workstations and servers) from malicious or accidental actions. Malicious actions may cause data loss or unauthorized access to the system.

Customer Benefits

You can identify what you need.

Yokogawa’s security consultants can help you by conducting a security assessment as the first step.
They will produce a report that clearly identifies your vulnerabilities and indicates the actions you should take to prevent them. The assessment will check the security countermeasures at the site and will help you determine whether improvements are necessary.

Enabling Technology

IT/OT Solution Consultation by Professionals

Global Industrial Cyber Security Professionals (GICSP) is a relatively new professional qualification, first introduced in November 2013, and Yokogawa has been one of the leading companies in the industrial automation industry in obtaining certification for its employees. This attests to the high-level industrial cyber security expertise of its workforce and reflects the company's longstanding commitment to bringing its customers safety and asset excellence.

The Network Healthiness Check Service uses the unique Network Traffic Visualization Technology. Its "visualization" feature allows the user to detect any type of unauthorized communication, ensuring safe and secure plant operation.

Are you absolutely certain that the communication process in your control system is working normally? No doubt it should be working smoothly. However, as we all know, communication traffic cannot be seen with the naked eye.
Cyber-attacks have become increasingly sophisticated, and even with basic security measures and the latest anti-virus software in place, the best computer security can be breached. Users may be unaware that their systems have been compromised by server attacks, malware infection targeting zero-day vulnerabilities, unauthorized access, or loss of vital information. To counter such threats, a "visualization" feature has been implemented on the network so that all vital communication can be closely monitored.

Service contents

By enabling the switching hub function on the customer's network, a special device for gathering communications traffic collects and records all communication data.

Compliance to World Market Requirements

The recorded data is periodically gathered and analyzed.

A detailed analysis report is created. The findings from the communication analysis are described in this report according to their level of importance. The communication status, such as the relevance and frequency of transmissions and receptions as well as the protocol, is visualized in a matrix.

The results of the analysis are presented in a report during the briefing session.

If an abnormal communication is detected, we will determine the cause together with our customers and propose immediate improvements to the system or network as necessary.

Mechanism of data analysis

In a control system, communication is carried out with specific contents (command transfer, data transfer, and synchronization of information) and with a specified communication partner. Using these characteristics, unusual or suspicious communication patterns can be detected by separating out, from the recorded communication data, the normal data and the data that has already been confirmed; whatever remains is examined.

The following are two examples describing detection/analysis of unusual or suspicious communication patterns.

Example 1: Probable cause of unknown IP address being detected

Communication with an external network is not properly restricted.

An unauthorized PC is connected to the network.

A terminal which is not listed in the system configuration is connected.

There are concerns regarding possible cyber-attacks or malware infection.
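The separation described under "Mechanism of data analysis", applied to Example 1, can be sketched as follows. This is an added example, not Yokogawa's implementation: the subnet, host list, confirmed triples, recorded packets and the two importance levels are all constructed assumptions.

```python
from collections import Counter
from ipaddress import ip_address, ip_network

# All values below are constructed sample data, not taken from a real plant.
CONTROL_NET = ip_network("192.168.10.0/24")
KNOWN_HOSTS = {"192.168.10.11", "192.168.10.21", "192.168.10.31"}  # system configuration
CONFIRMED = {  # (source, destination, protocol) triples already confirmed as normal
    ("192.168.10.11", "192.168.10.21", "tcp/502"),
    ("192.168.10.21", "192.168.10.31", "udp/123"),
}
RECORDED = (  # one tuple per recorded packet
    [("192.168.10.11", "192.168.10.21", "tcp/502")] * 40
    + [("192.168.10.21", "192.168.10.31", "udp/123")] * 5
    + [("192.168.10.31", "192.168.10.21", "tcp/445")] * 2
    + [("192.168.10.99", "192.168.10.21", "tcp/502")] * 3
    + [("192.168.10.11", "203.0.113.50", "tcp/443")] * 7
)
RANK = {"high": 0, "medium": 1}  # assumed importance levels

def build_matrix(packets):
    """Communication matrix: packet count per (source, destination, protocol)."""
    return Counter(packets)

def classify(packets, known_hosts, confirmed, control_net):
    """Drop confirmed traffic and return the remainder as ranked findings."""
    findings = []
    for (src, dst, proto), count in build_matrix(packets).items():
        unknown = [ip for ip in (src, dst) if ip not in known_hosts]
        if any(ip_address(ip) not in control_net for ip in unknown):
            level, reason = "high", "address outside control subnet"
        elif unknown:
            level, reason = "high", "terminal not in system configuration"
        elif (src, dst, proto) not in confirmed:
            level, reason = "medium", "unconfirmed communication between known hosts"
        else:
            continue  # normal, already-confirmed traffic
        findings.append((level, reason, src, dst, proto, count))
    return sorted(findings, key=lambda f: (RANK[f[0]], f[2], f[3], f[4]))

if __name__ == "__main__":
    for finding in classify(RECORDED, KNOWN_HOSTS, CONFIRMED, CONTROL_NET):
        print(*finding)
```

Each finding maps to one of the probable causes listed above; the cause itself still has to be confirmed on site.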


Network Traffic Visualization Technology

Collaborative research and development
April, 2007
A collaborative research effort was conducted with the National Institute of Information and Communications Technology (NICT) to develop a system in which a real-time visualization and analysis of communication traffic could be realized.

Yokogawa's network healthiness check service helped the customer identify what they need to protect against cyber-attacks.
By “visualizing” network traffic in the control system, the customer was able to detect unauthorized communication in their system.

The number of incidents involving attempted unauthorised access to computer systems via the internet as reported by CERT (Computer Emergency Response Team) was 137,539 in 2003. Statistics show an exponential increase in the number of reported incidents in the last five years. Although this can be partly explained by the increase in the number of computer systems in the world that are connected to the internet, it is nevertheless an alarming fact.

Yokogawa’s industrial automation (IA) product and service offerings, industry domain knowledge, and VigilantPlant approach – which emphasizes safe, secure, and uninterrupted operations – provide a solid foundation for an Industrial Internet of Things that specifically addresses the requirements of process automation, particularly for the OT side of the equation. To be able to provide an equally solid foundation for the IT side, Yokogawa is partnering with Cisco Systems and other industry leaders.

This white paper provides an overview of how Yokogawa believes its customers can best prepare for and position themselves to benefit from IIoT-enabled technology and solutions and digitalization in general to emerge as the successful connected industrial enterprises of the future.

Network and system security is now a necessity in the process automation industry. YOKOGAWA provides a service lifecycle solution for cyber security to ensure that the security measures and deployments are continuously enhanced, monitored and inspected.

This white paper explains the details of the security design, implementation, operation and validation solutions from the technical perspective.

Initially when control and safety systems moved away from being hardwired and relay-based to computerized systems, vendors and asset owners were more interested in functionality than security. Typically, especially in high risk environments in refineries and off-shore oil installations, the systems were standalone with a dedicated Safety Instrumented System.

Over the last ten years more security solutions have become available, and more industrial end users have implemented them to protect their businesses. Today nearly all companies use an anti-virus product installed on their industrial control system (ICS), as well as having their ICS segregated from the business network and the Internet by a firewall.